Information security in Companies and Administrations

IT-Grundschutz with verinice

With verinice, you can implement the BSI IT-Grundschutz along with the IT-Grundschutz Compendium and the BSI Standards 200-1, 200-2, and 200-3. The domain verinice IT-Grundschutz is suitable for creating and maintaining an Information Security Management System (ISMS) according to the BSI IT-Grundschutz methodology. You can start working on your security concept right away.

You’ll enjoy these benefits, among others:

Licensed BSI reference works (IT-Grundschutz Compendium) with all IT-Grundschutz modules
BSI Standards 200-x integrated
(free) additional modules, e.g., BSI minimum standards, IT-Grundschutz profiles, and user-defined modules
High flexibility and adaptability
Open source code with no backdoors
Partner network for support and consulting

ISO 27001 certification based on IT-Grundschutz (Standard or Core Security) or a BSI certificate (Basic Security) is possible with the help of verinice.

The IT-Grundschutz domain is now available as the verinice Grundschutz bundle on verinice.cloud or for verinice.onprem.

IT-Grundschutz can also still be managed using the verinice single-user version and the application server verinice.PRO.

Test the Grundschutz Bundle

More info

Watch videos

IT-Grundschutz in verinice

verinice supports the IT-Grundschutz of the BSI and the relevant Grundschutz Compendium. Choose the approach of basic, standard or core protection. Use the risk analysis and the IT-Grundschutz checks to maintain and continuously improve your information security.

The BSI standards are essential building blocks of the IT-Grundschutz methodology and the basis of verinice:

BSI standard 200-1: Defines general requirements for an information security management system (ISMS).
BSI Standard 200-2: This standard covers the IT-Grundschutz methodology and is the basis for setting up an ISMS. verinice supports you in the structural analysis, defining and assigning protection requirements, and handles automatic inheritance of protection requirements.
BSI-Standard 200-3: Covers risk management and contains all risk-related steps in the implementation of IT-Grundschutz. Use verinice to perform basic security checks, additional security or risk analyses, and create an implementation and audit plan.
BSI-Standard 200-4: Practical instructions for setting up a Business Continuity Management System (BCMS) in your own institution - see the verinice BCM domain.

The “IT-Grundschutz” domain contains all the object types and input masks needed to record target objects, module implementation, requirements, measures, hazards and risks.

Currently, you still have the option of using IT-Grundschutz in the classic verinice (working in the IT-Grundschutz protection perspective) or to decide in favor of the new implementation as SaaS (bundle verinice Grundschutz).

IT-Grundschutz in the New Generation of verinice

The IT-Grundschutz domain is available in the new generation of verinice—as part of the verinice Grundschutz Bundle and the verinice ISO+GS Bundle.

Both bundles combine several specialized domains for information security, compliance, and data protection: In addition to the domain IT Grundschutz, they also include the domain NIS-2 and the domain Data Protection. The verinice ISO+GS Bundle supplements this scope with the domain ISO 27001.

Two models are available for operation: verinice.cloud as a SaaS offering operated by SerNet and verinice.onprem for operation under your own responsibility. The free 30-day evaluation of the verinice Grundschutz bundle or the verinice ISO+GS bundle is available via verinice.cloud.

The following feature overview clearly shows which features have already been implemented and which are coming soon. This allows you to determine when a migration or new implementation is appropriate for you and plan accordingly.

Functions: Grundschutz in verinice.veo

The domain of IT-Grundschutz in verinice.veo already offers:

Structure analysis
Assessment of protection needs
Building block modeling
IT-Grundschutz check
Maintenance and continuous improvement
Reporting: Creation of the reference documents required for certification
Officially licensed IT-Grundschutz compendium of the BSI
- Building blocks
- Requirements
- Hazards
Profiles
- “Standard and core protection” profile
Automatic creation of the threat overview through integrated mapping of the cross-reference tables
Automatic inheritance of the protection requirement
Documentation of the implementation of requirements and security measures
Assignment of responsible persons for modules, target objects, requirements, etc.
Use of all recorded objects in all domains – objects recorded in the basic protection can be used in data protection
Cloud native: Can be used as a SaaS solution or private cloud
Version history: Revision-secure storage of all entries in the object history with the option of recovery
Multi-Scope: an object can be used in any number of information networks
Multi-Part: objects can be nested in any way, e.g. “location-building-room” or “department-team-employee”. Complex structures can be easily mapped.
Links: objects can be linked, for example, to designate the person responsible for a module or to automatically pass on the protection requirement between dependent systems.
Self-Customizing: customizable levels for protection needs and risk assessment
Adding further categories to assess information security, such as “authenticity”

Outlook: More Grundschutz in verinice.veo

IT-Grundschutz users can expect the following features in the next releases of verinice.veo:

Tools for data transfer from verinice(.PRO)
- Transfer of target objects
- Transfer of modeled building blocks
- Transfer of documented requirement implementations
- Transfer of user authorizations
- Transfer of notes and attachments
Fine-grained rights and role management
Background processing: Moving long-running requests into the background and notification on completion (import, export, report generation) for more stability even with an interrupted network connection
Reduction of documentation effort for implementing requirements through “organization-wide implementation” and “implementation of the implementation”

Our roadmap provides a complete overview of planned features.

Migration to the new verinice generation

The migration to the new verinice generation will be made available by the verinice team in early 2026. Have you been working with IT-Grundschutz or the IT-Grundschutz perspective so far? Then choose the Grundschutz Bundle and continue managing your ISMS in this domain.

The new verinice as SaaS verinice.cloud and as verinice.onprem for in-house operation is ready for use, and the range of features is gradually expanding. We transparently report on progress here, and you decide when the right time is for you to make the switch. SerNet will continue to support the classic verinice until 2027.

We are also making additional content, such as IT-Grundschutz profiles, minimum standards, etc., available in phases for the new verinice generation.

Consulting and Support

SerNet GmbH is the publisher of verinice and is responsible for the technical and functional development of the tool. SerNet also offers technical support and assists the verinice partners: the network of qualified consultants helps with the first use of verinice as well as with the implementation of complex management systems, certifications and audits.

SerNet-Support

Are you already a customer? This way!
As a new customer, the quickest way to get access to our services is a support budget from the verinice shop. Alternatively, you can contact us directly and conclude a support contract.

Support for verinice

Partner network

Our verinice partners are available to answer any questions you may have and help you with projects related to verinice. In all regions of Germany – and beyond – you will find partners who can support you in a range of specialist areas.

Partner Network